Performance Tuning and Security Hardening

After a lot of messing around and research, I’ve decided to make some critical changes to the server and upgrade from CentOS 6.6 to 7.0. This enables me to install the latest Apache and use MySQL 5.6, which is leaps and bounds better than the prior iterations, particularly in the InnoDB handling department.

I’ve also been able to update the OpenSSL version we are using, and this was actually one of the deciding factors to migrate to CentOS 7, since an upgrade in place on CentOS 6.6 was near impossible. I had decided I’d spent enough time on it.

So here we are, and I can say from the time I spend on the various portions of the site, it is blazing fast now. I’ve been doing some tuning, i.e. MySQL, Apache and PHP optimization. As a result, I’ve achieved a maximum load time (while stress testing) of 4 seconds with an average of 1.30ms and a minimum of even less in some cases.

Once I had the machine purring, I began to invest my time in the security of the server itself, applying firewall rules that only let me access certain portions of the server (specific ports) and managing what would appear to be DDoS attacks (should they ever occur).

Most importantly, I’ve tweaked the OpenSSL in conjunction with Apache to redirect all traffic to port 443 for HTTPS use exclusively. By narrowing down the ideal set of SSL ciphers to use and when, I’ve maximized compatibility with browsers across the board (with the exception of IE6 on Windows XP). I’ve also disabled SSLCompression, as it was a security risk, and I’ve disabled SSLv3 to keep safe from the newly discovered POODLE attack.
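A way to check an Apache configuration for the three settings described above (HTTPS redirect, SSLv3 disabled, SSLCompression off). This is an added example, not this site's configuration or code: the two sample configs are constructed, `example.test` is a placeholder host, and the function names are hypothetical.

```python
import re
# Constructed sample configs (not the site's real files); directive names are real Apache/mod_ssl ones.
WEAK = """<VirtualHost *:80>
  ServerName example.test
</VirtualHost>
<VirtualHost *:443>
  SSLProtocol all -SSLv2
</VirtualHost>"""
HARDENED = """<VirtualHost *:80>
  ServerName example.test
  Redirect permanent / https://example.test/
</VirtualHost>
<VirtualHost *:443>
  SSLProtocol all -SSLv2 -SSLv3
  SSLCompression off
</VirtualHost>"""
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def parse(conf):
    """Return {port: [(directive, args), ...]} for directives inside <VirtualHost> blocks."""
    vhosts, port = {}, None
    for line in map(str.strip, conf.splitlines()):
        m = re.match(r"</VirtualHost\s*>|<VirtualHost\s+\S*:(\d+)\s*>", line, re.I)
        if m:  # opening tag sets the current port, closing tag clears it
            port = int(m.group(1)) if m.group(1) else None
        elif port is not None and line and line[0] not in "#<":
            name, _, args = line.partition(" ")
            vhosts.setdefault(port, []).append((name.lower(), args.strip()))
    return vhosts

def enabled_protocols(args):
    """Apply SSLProtocol token rules: a bare token replaces the set, +/- adjust it."""
    on = set()
    for tok in args.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = ALL if name == "all" else {name}
        on = on - names if sign == "-" else on | names if sign == "+" else set(names)
    return on

def audit(conf):
    """List findings; a missing directive is treated as unsafe (conservative assumption)."""
    vhosts = parse(conf)
    http, tls = vhosts.get(80, []), dict(vhosts.get(443, []))
    checks = [
        ("no port 80 redirect to https", not any(n in ("redirect", "rewriterule") and "https://" in a for n, a in http)),
        ("SSLv3 enabled", "sslv3" in enabled_protocols(tls.get("sslprotocol", "all"))),
        ("SSLCompression not explicitly off", tls.get("sslcompression", "").lower() != "off"),
    ]
    return [msg for msg, bad in checks if bad]
```

`audit(WEAK)` reports all three findings and `audit(HARDENED)` reports none; the cipher list is not checked because the post does not give it.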

As proof, I utilized a site known as Qualys SSL Labs, which tests websites running SSL certificates for security and compatibility by assigning a letter value score and a report on why the mark was given, with more details as you scroll down. The report can be found here, and the site can be tested again if you have the time (about 75-100 seconds per test); however, I’m proud to state that nobreaks.ca has received an A+ in its SSL security.

So enjoy, stay safe, and keep watching Nobreaks.ca Plex!

LightSpeedTaco